The need for compliance with the Protection of Personal Information Act (PoPIA) has placed the spotlight firmly on data management as a core component of compliance.
By Chris de Bruyn, ops director and head of compliance at Gabsten
With PoPIA coming into effect, companies can no longer hide behind a lack of awareness – ‘I didn’t know’ is not a viable defence strategy anymore.
Far from being a grudge exercise, however, compliance should be a top business priority, because research by Cisco shows that companies that invest in data privacy, and by extension data management and compliance, are actually more profitable.
It begins and ends with data
PoPIA states that all businesses need to know what data they have, where it is stored, for what purpose it is used, and they need to maintain a record of destruction should the information be destroyed. Data management is therefore intrinsically interlinked with compliance. It is impossible to be compliant with PoPIA and other data privacy legislation without it.
On the other side of the coin, data is money in today’s world, so if businesses do not know what data they have, or they cannot get to it quickly enough, they will lose the ability to be first to market.
There is also the issue of data protection. Cybercrime is a real threat, and data needs to be protected, but not all data needs to be protected with the same vigour.
However, if a business is unable to classify their data according to sensitivity and business priority, it is all but impossible to avoid a costly blanket strategy. An indiscriminate approach to data protection can make compliance unmanageable, while vastly increasing costs, not only in terms of data protection, but storage as well.
The bottom line
Aside from the fact that businesses must comply or face severe penalties from the regulator, data privacy is actually in everyone’s best interest. Every business person is also a private individual whose data they would like protected because the consequences of identity theft can be significant and damaging.
There is also a growing body of evidence showing that businesses that focus on data privacy, and by extension data management, data governance and compliance, are more profitable.
The 2020 Cisco Data Privacy Benchmark Study, for example, investigates the business benefits associated with data privacy investments. According to the report, the majority of organisations achieve positive returns from their investment, and almost half of respondents say that the benefits are at least double what they spend.
More than 70% of the organisations in the survey highlight improved operational efficiency, agility and innovation as significant business benefits from data privacy investment.
In addition, the report highlights the following benefits that translate directly into the bottom line: 67% reducing sales delays; 71% mitigating losses from data breaches; 71% enabling agility and innovation; 72% achieving operational efficiency from data controls, 73% making the company more attractive to investors; and 74% building loyalty and trust with customers.
Not a destination
While compliance can and will be beneficial to all businesses, it is important to bear in mind that it is, in fact, a constantly moving target and not an end goal. Organisations cannot adopt an approach of ‘set and forget’ when it comes to compliance policies, because compliance is a continuous process that involves every person.
Constant training and reinforcement of policies, with all staff members, not just the compliance department and senior management, is vital. It is also important that people understand why compliance is an important task, from a business as well as a personal perspective. When customers give their personal data to a business, it creates an obligation for the business to protect it, which as people with personal information themselves, all staff should appreciate.
The reality is that data is not static, and therefore compliance policies are not static either. Compliance is not a destination, but an ongoing approach toward better managing data, that can positively impact business profitability in the long term.